// Setup packetbeat
func (pb *Packetbeat) Setup(b *beat.Beat) error {
if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
pb.Sniff = new(sniffer.SnifferSetup)
logp.Debug("main", "Initializing protocol plugins")
for proto, plugin := range EnabledProtocolPlugins {
err := plugin.Init(false, b.Events)
if err != nil {
logp.Critical("Initializing plugin %s failed: %v", proto, err)
os.Exit(1)
}
protos.Protos.Register(proto, plugin)
}
var err error
icmpProc, err := icmp.NewIcmp(false, b.Events)
if err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
tcpProc, err := tcp.NewTcp(&protos.Protos)
if err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
udpProc, err := udp.NewUdp(&protos.Protos)
if err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
pb.over = make(chan bool)
logp.Debug("main", "Initializing sniffer")
err = pb.Sniff.Init(false, icmpProc, icmpProc, tcpProc, udpProc)
if err != nil {
logp.Critical("Initializing sniffer failed: %v", err)
os.Exit(1)
}
// This needs to be after the sniffer Init but before the sniffer Run.
if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
return err
}
func (pb *Packetbeat) makeWorkerFactory(filter string) sniffer.WorkerFactory {
return func(dl layers.LinkType) (sniffer.Worker, string, error) {
var f *flows.Flows
var err error
config := &pb.Config
if config.Flows.IsEnabled() {
f, err = flows.NewFlows(pb.Pub, config.Flows)
if err != nil {
return nil, "", err
}
}
var icmp4 icmp.ICMPv4Processor
var icmp6 icmp.ICMPv6Processor
if cfg := config.Protocols["icmp"]; cfg.Enabled() {
icmp, err := icmp.New(false, pb.Pub, cfg)
if err != nil {
return nil, "", err
}
icmp4 = icmp
icmp6 = icmp
}
tcp, err := tcp.NewTcp(&protos.Protos)
if err != nil {
return nil, "", err
}
udp, err := udp.NewUdp(&protos.Protos)
if err != nil {
return nil, "", err
}
worker, err := decoder.NewDecoder(f, dl, icmp4, icmp6, tcp, udp)
if err != nil {
return nil, "", err
}
if f != nil {
pb.services = append(pb.services, f)
}
return worker, filter, nil
}
}
// Setup packetbeat
func (pb *Packetbeat) Setup(b *beat.Beat) error {
if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
pb.Sniff = new(sniffer.SnifferSetup)
queueSize := defaultQueueSize
if pb.PbConfig.Shipper.QueueSize != nil {
queueSize = *pb.PbConfig.Shipper.QueueSize
}
pb.Pub = publish.NewPublisher(b.Publisher, queueSize)
pb.Pub.Start()
logp.Debug("main", "Initializing protocol plugins")
for proto, plugin := range EnabledProtocolPlugins {
err := plugin.Init(false, pb.Pub)
if err != nil {
logp.Critical("Initializing plugin %s failed: %v", proto, err)
os.Exit(1)
}
protos.Protos.Register(proto, plugin)
}
var err error
icmpProc, err := icmp.NewIcmp(false, pb.Pub)
if err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
tcpProc, err := tcp.NewTcp(&protos.Protos)
if err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
udpProc, err := udp.NewUdp(&protos.Protos)
if err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
pb.over = make(chan bool)
/*
logp.Debug("main", "Initializing filters")
_, err = filters.FiltersRun(
config.ConfigSingleton.Filter,
EnabledFilterPlugins,
b.Events,
b.Stop)
if err != nil {
logp.Critical("%v", err)
os.Exit(1)
}
*/
logp.Debug("main", "Initializing sniffer")
err = pb.Sniff.Init(false, icmpProc, icmpProc, tcpProc, udpProc)
if err != nil {
logp.Critical("Initializing sniffer failed: %v", err)
os.Exit(1)
}
// This needs to be after the sniffer Init but before the sniffer Run.
if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
logp.Critical(err.Error())
os.Exit(1)
}
return err
}